CVE-2024-22255
HIGH EXPLOITED RANSOMWAREVMware ESXi, Workstation, and Fusion - Info Disclosure
Title source: llmDescription
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Scores
CVSS v3
7.1
EPSS
0.0435
EPSS Percentile
88.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitation Intel
VulnCheck KEV
2024-10-11
Ransomware Use
Confirmed
Classification
CWE
CWE-770
Status
published
Affected Products (37)
vmware/cloud_foundation
< 5.0
vmware/workstation
< 17.5.1
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
vmware/esxi
... and 22 more
Timeline
Published
Mar 05, 2024
Tracked Since
Feb 18, 2026